Almost everyone who owns a computer is familiar with antivirus software like Norton 360 and Avira. These products help customers protect their devices from malicious software like adware, worms, and trojans. For years, Norton 360 and Avira have been consistent with sticking to what they’re known for – antivirus software protection. However, recently these products have decided to take a step outside of their familiar services and offer their customers cryptocurrency mining services via their antivirus software. Why would Norton 360 and Avira offer this feature within their antivirus software? The answer may be more complicated than you think. Let’s dig into how the cryptocurrency mining program works and why consumers should exercise caution.
Introduced in 2009, Cryptocurrency mining is just like mining for gold, diamonds, or other valuable materials. Instead of buying cryptocurrency (Bitcoin, Monero, Bytecoin, etc.), people can set up their computers at home to mine crypto tokens without having any capital. Despite being associated with cyber criminals, the act of cryptocurrency mining itself isn’t a crime. In fact, there are thousands of people who make a decent living from mining for cryptocurrency.
Various cryptocurrencies, such as Bitcoin, use distributed public ledgers to record all financial transactions. The transactions are public and each one is linked to the previous and subsequent transactions. Because those transactions are public, each record must be validated to prevent fraud. The validation includes solving a complex mathematical problem that is easy to verify. Cryptominers (a network of computers) compete to see who can solve the problem first. The miner (computer) that succeeds first is given the right to post the transaction to the ledger and receive a financial reward, which is paid in cryptocurrency.
Any computer can become a miner; however, the energy and hardware are quite expensive. Therefore, most people use cloud services to cryptomine. Cloud mining allows you to rent dedicated machines, also known as rigs. As a result, you can keep any cryptocurrency the rig mines.
During 2021, Norton 360 announced that they were including a built-in cryptocurrency mining program on their customers’ computers. Meaning, anyone who has the free Norton 360 ant-virus software on their computers received the cryptocurrency miner. A cloud-based service activates the cryptocurrency mining program and allows customers to profit. The program is “opt-in” which means that it will not be automatically enabled on customer computers, but instead a customer will have to manually enable the feature.
The built-in cryptocurrency miner is called Norton Crypto and mines cryptocurrency while your PC is idle. The miner was also allegedly installed without giving Norton’s current users notice. Norton Crypto mines Ethereum (ETH) cryptocurrency and only runs on systems that meet certain hardware and software requirements (like having a 1 GHz processor). Also, Norton creates a digital Ethereum wallet for customers where a key is encrypted and stored securely in the cloud. You can transfer the Ethereum from your digital wallet to Coinbase.
Image 1: Norton Crypto Device Requirements
If you opt-in but decide later that you no longer wish to use Norton Crypto, you can disable the program. According to Norton 360’s FAQ page, the program is available in all Norton 360 plans where Norton determines that a computer meets the minimum system requirements. Right now, Norton Crypto is only supporting Ethereum crypto mining, but they are looking to add other currencies in the future.
Avira Antivirus also introduced their users to cryptocurrency mining in 2021. Avira already has a built-in base of 500 million users due to their products being free. However, Avira was recently bought by the same company that owns Norton 360, NortonLifeLock Inc. Avira’s cryptocurrency miner is called Avira Crypto. Like Norton 360, Avira Crypto is automatically installed on every computer that runs Avira antivirus software, with customers opting in to use the service.
Avira’s FAQ page states that Avira Crypto uses your computer’s idle time to mine for ETH – the same as with Norton Crypto. Additionally, Avira Crypto allows you to disable the cryptocurrency mining program if you no longer wish to have it enabled. Your computer needs to meet the same system requirements as Norton Crypto in order to cryptomine and the miner is a free feature of all Avira security platforms. Avira Crypto has almost identical features to Norton Crypto, featuring a built-in personal wallet that allows you to transfer cryptocurrency to a Coinbase account.
Image 2: An Avira Cryptomining Account
According to Norton, Norton Crypto is included as a part of a free Norton 360 subscription. Avira Crypto is also a part of Avira’s free antivirus security software. Norton stated on their website that Norton Crypto is a way to help customers improve their cybersecurity by allowing them to mine cryptocurrency without having unvetted code on their devices that could be skimming their earnings or planting ransomware.
However, Avira and Norton made it clear in the FAQ sections on their websites that there are coin mining fees, as well as transaction fees to transfer your cryptocurrency. The coin mining fee is 15% of the crypto allocated to the miner and goes directly to Norton or Avira. This fact is interesting considering that cryptocurrency can be mined with regular mining software – which means you wouldn’t have to pay 15% to anyone. There are also transaction fees for transfers of cryptocurrencies which are paid to the users of the cryptocurrency blockchain network who process the transaction.
As we stated before, users who opt-in receive a digital wallet that allows them to store their earnings and then transfer them to Coinbase. However, several Norton Crypto users have taken to Norton’s online forum to address their troubles with withdrawals. According to the users, the transaction fees remain the same regardless of the amount of cryptocurrency being transferred therefore, the system is blocking withdrawals if the amount requested doesn’t cover the transfer fees.
As with anything that has a financial reward, cryptocurrency mining comes with cautionary tales. Threat actors exploit cryptocurrency mining by using malware to mine on other peoples’ networks. This is called cryptojacking and can cause a network to become slower and less efficient – ultimately damaging the computer due to the level of work required to mine.
Because Norton Crypto and Avira Crypto are cloud based, there is a risk of threat actors gaining administrative access to those cloud environments and installing cryptomining malware. This malware has the potential to steal cryptocurrency, compromise sensitive data, and give attackers access to resources. Cryptomining involves pushing a device to its limit and can cause serious damage. The malware that’s installed uses a great amount of power and leaves computers running slow (or not running at all) and electricity bills soaring.
Threat actors like TeamTNT install cryptocurrency malware on vulnerable systems by performing mass internet scans. As one of the most active cybercriminal groups since mid-2020, TeamTNT has developed a sneaky tool kit for malicious activity. The tool kit includes Masscan and port scanner, librocesshider, 7z (decompresses files), b374k shell (controls infected systems), and Lazagne. This tool kit allows TeamTNT to go undetected even with the use of anti-virus and malware detection tools – making it difficult for cyber intelligence engineers and analysts to keep up with their activity. What’s stopping threat actors from scanning the internet for vulnerable devices and using Avira and Norton’s crypto mining programs as gateways? Nothing. Cybercriminals will always try to exploit new products.
Cyber security professionals are confused about the reasons why Norton 360 and Avira are exposing naïve consumers to the cryptocurrency world. Avira is a free product, and we can only assume that a lot of the people who use the product are not experts when it comes to cryptomining and the security concerns behind it. Cryptomining comes with its own set of security challenges therefore, exposing millions of less savvy internet users to a new (to them) part of the internet may do more harm than good in the long run.
Additionally, members of Norton’s community forum are just as perplexed about the cryptomining feature. One user wants to know how adding cryptomining within a security product can be viewed as a “good thing”? The user went on to state that Norton should focus on detecting and derailing cryptomining hijacking, not installing their own.
Image 3: Norton Community Forum Comment
A Norton employee responded to the concerned user and assured them that the company is still killing off cryptomining hijacking even with the miner running.
Image 4: Norton Employee Response
The issue that a lot of cyber security professionals and users are having is that the security of devices seems to be in question. We can see from Norton’s response that they are trying to reassure users that their devices will remain safe even with the miner running on their computers. It’s also important to keep in mind that the program will not run on your computer unless you manually opt-in. However, some users of Norton 360 and Avira don’t want the cryptomining program on their computer either way and were shocked to see that it was installed.
If you are interested in utilizing the feature, it’s important to remember that mining for cryptocurrency causes your computer to use more power, which can increase electricity costs and reduce the lifespan of your hardware. Security researcher, Chris Vickery, said that Norton 360’s cryptomining feature is only amplifying energy consumption and costing customers more in electricity than the customer makes doing the mining. Not all are opposed to Norton Crypto, including this forum member.
Image 5: Norton Community Forum Comment
Norton 360 and Avira aren’t the only ones trying to get in on the cryptocurrency wave. RadioShack believes they can bridge the gap and “cross the chasm” of mainstream usage for cryptocurrency because they are a very old brand. In 2020, they relaunched as an online-focused brand and now want to start their journey as a cryptocurrency exchange.
In December 2021, RadioShack announced RadioShack DeFi (short for decentralized finance), which is a market where people can trade newly announced RADIO tokens as an alternative to a centralized exchange like Coinbase. The details surrounding why the company thinks their consumers want to use cryptocurrency are murky, but the company’s website stated that they believe RadioShack is ready to lead the way for blockchain tech to mainstream adoption by other large brands. Their argument is that older customers don’t trust the new generation’s ideas surrounding cryptocurrency. RadioShack wants to focus more energy on making the “old school” consumer feel more comfortable due to the average “decision making” corporate CEO being 68 years old.
Cryptomining malware can disrupt your entire business operation and create a long-lasting impact. Affecting more than 55% of businesses worldwide, cryptomining malware is the No. 2 threat to consumers and businesses, with no signs of slowing down.
Norton’s and Avira’s antivirus software products are free for users. However, when security seems to be hanging in the balance, we recommend enterprise level antivirus protection like Avertium’s EDR services. Avertium offers the following services to keep your organization safe:
Domain Names for Cryptomining Pools
TIR-20210913 TEAMTNT – “CHIMAERA” CRYPTOMINING MALWARE CAMPAIGN TARGETS SERVERS (avertium.com)
9 Best Bitcoin Mining Pools: Legit Sites (2022 Companies) (buybitcoinworldwide.com)
What is Antivirus Software | Webroot
Norton 360 Now Comes With a Cryptominer – Krebs on Security
What is Avira Crypto? – Official Avira Support | Knowledgebase & Customer Support | Avira
FAQ: Norton Crypto | Norton Community
Absolutely furious... Norton Miner | Norton Community
RadioShack is launching a crypto market for ‘the older generation’ - The Verge
Get started with Norton Crypto
Norton Crypto: Why an antivirus software company is now into cryptomining. (slate.com)
500M Avira Antivirus Users Introduced to Cryptomining – Krebs on Security
This document and its contents do not constitute and are not a substitute for, legal advice. The outcome of a Security Risk Assessment should be utilized to ensure that diligent measures are taken to lower the risk of potential weaknesses be exploited to compromise data.
Although the Services and this report may provide data that Client can use in its compliance efforts, Client (not Avertium) is ultimately responsible for assessing and meeting Client's own compliance responsibilities. This report does not constitute a guarantee or assurance of the Client's compliance with any law, regulation, or standard.